* Please do not reply to this email, follow the instructions in the report of the complaint.

Warning: Your period for justification is 48h.

Regards,
{name}
Administration Orkut.com

Note: *We are taking measures in accordance with the laws in your country. (Brazil)
* Please meet the requirements of the report within the stipulated period.

Figure 1 shows the Portuguese Orkut spam (click to view larger version). Users who click on the first link on the email are led to a phishing page (see Figure 2). At this point users may be led to key in their credentials at this fake site, compromising access to their Orkut accounts. When the browser opens to the phishing page, the browser also automatically downloads a certain file which, should the user accept the download, when saved and run, introduces a BANKER variant (TROJ_BANKER.GAT) to the system.

BANKER variants and their components are notorious malware that together sit silently in victims’ PCs waiting until users browse online banking sites. These then either change the online banking site from the real site to a fake one or directly steal keyed in information such as user names and passwords.

Users are always advised to enter sites requiring logins using their clean bookmarks or by typing in the correct URL at the browser address bar. Also, ignore email (and the links therein) that come from doubtful or unknown sources. Smart Protection Network protects Trend Micro users from this attack by identifying the phishing mail as malicious, by blocking access to the phishing page, by preventing the download of the malicious file, and by detecting the downloaded file (and related malware) as malicious.

Learn how to protect Enterprises, Small Businesses, and Home Users from ransomware: